(54) Method for securely communicating remote control commands in a computer network

(57) A method for providing secure remote control commands in a distributed computer environment. In the preferred embodiment of the invention, a network administrator or network management software creates a shutdown record, including an index or time stamp, for powering down a specified network computer(s). Prior to broadcast over the network, a secure one-way hash function is performed on the shutdown record. The result of the one-way hash function is encrypted using the network administrator's private key, thereby generating a digital signature that can be verified by specially configured network nodes. The digital signature is appended to the original shutdown record prior to broadcast to the network. Upon receiving the broadcast message, the targeted network computer(s) validates the broadcast message by verifying the digital signature of the packet or frame. The validation process is performed by decrypting the hash value representation of the shutdown record using the network administrator's public key. A one-way hash function is also performed on the original shutdown record portion of the received message. If the two values match, the broadcast message is determined to be authentic and the shutdown control code is executed. The invention insures that the shutdown command was neither modified in transit nor originated from an unauthorized source.

FIG. 3 
[0001] The invention relates to security in a computer network, and more particularly to a secure method for communicating remote control commands in a distributed computing environment.
[0002] A majority of today's businesses utilize some form of computer network. As servers and clients are deployed into more mission critical environments and used in more remote areas, the amount of human resources required to manage these computer networks is growing. Computer networks are often maintained by either a network administrator or an Information Systems (IS) department. Network administrators are often tasked with performing such duties as data backups or software updates on network computers at times when network users will not be negatively impacted (e.g., at night). These tasks are simplified somewhat by relatively new network management hardware and software that allows remote access to network computers. To remotely access network computers, however, requires that network users leave machines running or disable energy saving features. This requirement can conflict with efforts to reduce computer power consumption.
[0003] In particular, the Environmental Protection Agency (EPA) has attempted, through the Energy Star Program, to reduce computer power consumption via the creation of so-called "green" computers. The term "green computer" typically refers to a computer that enters low-power mode following a specified period of inactivity. The proliferation [...] computers in networks [...] with a network administrator's duties. For example, if a network computer is in sleep mode (or other low power state) it often cannot be addressed from the network.
[0004] Attempts have been made to alleviate this problem. For example, Magic Packet™ technology, a proposed industry standard jointly developed by Advanced Micro Devices and Hewlett-Packard Corporation, provides a mechanism whereby a network administrator or network management software can "wake up" or power down a network computer by sending it a special Ethernet frame. Briefly, the Ethernet frame includes a specific data pattern that can be detected by a specially configured network interface controller incorporated in a network computer. The network interface controller is capable of communicating with the network computer's power management hardware or software to power up or power down the network computer in response to a control code portion of the special Ethernet frame.

[0005] In addition to networking hardware and software, today's businesses also invest large amounts of money developing information contained in data files such as text documents and spreadsheets. Protecting such investments can be critical to the success and reputation of a business. Public accounts of the exploits of computer "hackers" (as malicious code-breakers or eavesdroppers are sometimes called) have therefore focused and magnified corporate desires for secure communications and better methods of protecting data. The scope of the problem is undoubtedly even more serious than reported, given the reluctance of many businesses to publicize security breaches. As a result, computer manufacturers and network software developers are striving to incorporate security and integrity features into their products to restrict access to data contained on network hard drives, as well as information contained in other critical network components.
[0006] One known approach to security involves encryption or cryptography. Cryptography is typically used to protect both data and communications. Generally, an original message or data item is referred to as "plain text", while "encryption" denotes the process of disguising or altering a message in such a way that its substance is not readily discernable. An encrypted message is sometimes called "ciphertext". Ciphertext is returned to plain text by an inverse operation referred to as "decryption". Encryption is typically accomplished through the use of a cryptographic algorithm, which is essentially a mathematical function. The most common cryptographic algorithms are key-based, where special knowledge of variable information called a "key" is required to decrypt ciphertext. There are many types of key-based cryptographic algorithms, providing varying levels of security.

[0007] The two most prevalent cryptographic algorithms are generally referred to as "symmetric" (also called secret key or single key algorithms) and "public key" (also called asymmetric algorithms). The security in these algorithms is centered around the keys - not the details of the algorithm itself. This makes it possible to publish the algorithm for public scrutiny and then mass produce it for incorporation into security products.
[0008] In symmetric algorithms, the encryption key and the decryption key are the same. This single key encryption arrangement is not without drawbacks. The sender and recipient of a message must somehow exchange information regarding the secret key. Each side must trust the other not to disclose the key. Further, the sender must generally communicate the key via another media (similar to a bank sending the personal identification number for an ATM card through the mail). This arrangement can be impractical, for example, when the parties interact electronically for the first time over a network. The number of keys also increases rapidly as the number of users increases.
[0009] With public key algorithms, by comparison, the key used for encryption is different from the key used for decryption. It is generally very difficult to calculate the decryption key from an encryption key. In typical operation, the "public key" used for encryption is made public via a readily accessible directory, while the corresponding "private key" used for decryption is known only to the recipient of the ciphertext. In an exemplary public key transaction, a sender retrieves the recipient's public key and uses it to encrypt the message prior to sending. The recipient then decrypts the message with the corresponding private key. It is also possible to encrypt a message using a private key and decrypt it using a public key. This is sometimes used in digital signatures to authenticate the source of a message.
[0010] The number of cryptographic algorithms is constantly growing. The two most popular are DES (Data Encryption Standard) and RSA (named after its inventors - Rivest, Shamir, and Adleman). DES is a symmetric algorithm with a fixed key length. RSA is a public key algorithm that can be used for both encryption and digital signatures. DSA (Digital Signature Algorithm) is another popular public key algorithm that is only used for digital signatures. With any of these algorithms, the relative difficulty of breaking an encrypted message by guessing a key with a brute force attack is proportional to the length of the key. For example, if the key is 40 bits long (5 characters), the total number of possible keys (2^40) is about 110 billion. Given the computational power of modern computers, this value is often considered inadequate. By comparison, a key length of 56 bits (7 characters) provides 65,536 times as many possible values as the 40 bit key.

[0011] One problem with key-based algorithms is speed. Public key algorithms, in particular, are typically on the order of 1,000 times slower than symmetric algorithms. Even symmetric algorithms can be slow when compared with so-called "one-way functions" or "one-way hash functions".

[0012] Briefly, an ideal one-way hash function, denoted H(M), operates on an arbitrary-length block of text or message M. The one-way hash function returns a fixed-length hash value, h, such that h = H(M), where h is of length m. One-way hash functions have special characteristics that make them one-way. Given M, for example, it is easy to compute h. Given h, it is impossible to reverse the hashing process and compute M such that H(M) = h. Further, it is impossible to find another message, M', such that H(M) = H(M'). In essence, the one-way hash function provides a "fingerprint" of M that is unique, and is therefore useful for purposes of authenticating the source of a message.
[0013] Briefly, a computer system according to the present invention provides a secure method for communicating remote control commands in a distributed computing environment. A potential problem with providing remote control capabilities in a computer network is that unauthorized users may broadcast shutdown or wake up commands to network nodes in an undesirable manner. A system according to the present invention addresses this concern.

[0014] According to the invention, a network administrator or network management software creates a shutdown (or other control command) record including an index or time stamp with the date and time on which the shutdown record was created. A secure one-way hash function is then performed on the shutdown record. The result of the one-way hash function is encrypted using the network administrator's private key, thereby generating a digital signature of the shutdown record that can be verified by network nodes using the network administrator's public key. The digital signature is appended to the original shutdown record prior to broadcast to the network.

[0015] Following detection of a broadcast message addressed to it, a network computer according to the invention is able to validate the broadcast message by verifying the digital signature of the packet or frame. In the disclosed embodiment, the validation process is performed by decrypting the hash value representation of the shutdown record using the network administrator's public key. A one-way hash function is also performed on the original shutdown record portion of the received message. If the two hash values match, the broadcast message is determined to be authentic and the shutdown control code is executed.
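The generation and validation steps of the two preceding paragraphs, written out as an added example that is not part of the patent text. Assumptions made here: SHA-256 as the one-way hash, a JSON record layout with hypothetical field names, a constructed demonstration key, textbook RSA without padding (used only to mirror the description; a deployed system would use a vetted signature scheme from a maintained library), and a receiver that uses the index to refuse replayed records.

```python
import hashlib
import json

# Constructed demo key (assumption): two Mersenne primes, chosen only so the
# example runs offline on the standard library. Not a usable production key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key held by every node
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, administrator only
SIG_LEN = (N.bit_length() + 7) // 8      # fixed-width signature trailer


def digest_int(record: bytes) -> int:
    """One-way hash h = H(M) of the record, as an integer (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def make_record(target: str, command: str, index: int) -> bytes:
    """Hypothetical record layout: target node, control code, index."""
    fields = {"target": target, "cmd": command, "index": index}
    return json.dumps(fields, sort_keys=True).encode()


def sign_message(record: bytes) -> bytes:
    """Administrator: apply the private key to H(M), append it to the record."""
    signature = pow(digest_int(record), D, N)
    return record + signature.to_bytes(SIG_LEN, "big")


class Node:
    """Receiving node: public key plus the highest index accepted so far."""

    def __init__(self, name, public_key=(N, E)):
        self.name = name
        self.public_key = public_key     # None models an invalidated key
        self.last_index = 0

    def accept(self, message: bytes) -> bool:
        """Return True only if the control code should be executed."""
        if self.public_key is None or len(message) <= SIG_LEN:
            return False
        n, e = self.public_key
        record, trailer = message[:-SIG_LEN], message[-SIG_LEN:]
        signature = int.from_bytes(trailer, "big")
        # Recover the signed hash with the public key and compare it with
        # a hash computed locally over the received record.
        if signature >= n or pow(signature, e, n) != digest_int(record):
            return False
        try:
            fields = json.loads(record)
        except ValueError:
            return False
        if not isinstance(fields, dict) or fields.get("target") != self.name:
            return False
        # Assumed freshness rule: a replayed or stale index is refused.
        index = fields.get("index")
        if not isinstance(index, int) or index <= self.last_index:
            return False
        self.last_index = index
        return True
```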
[0016] The present invention thereby protects and authenticates remote control commands transmitted via corporate networks, intranets and LANs. Unauthorized users and malicious software are prevented from turning off (or waking up) network computers or performing other unauthorized functions such as malicious alteration of ROM code. For machines in which it is desirable to disable remote control functionality, it is also contemplated that the public key of the network administrator can be invalidated such that the specified machine is incapable of detecting a valid broadcast message.
[0017] A better understanding of the present invention can be obtained when the following detailed description of the preferred embodiment is considered in conjunction with the following drawings:

Figure 1 is a schematic block diagram of a network computer system incorporating networking capabilities in accordance with the present invention;
Figure 2 is a schematic block diagram of an exemplary local area network capable of secure remote control communications according to the present invention;
Figure 3 is a flowchart diagram illustrating generation of a secure network broadcast message in accordance with the present invention; and
Figure 4 is a flowchart diagram illustrating the receipt and validation of a secure network broadcast message in accordance with the present invention.

[0018] The following patents and applications are referenced below:

Commonly owned U.S. Patent Application Serial No. 08/766>21, entitled "A METHOD AND APPARATUS FOR ALLOWING ACCESS TO SECURED COMPUTER RESOURCES BY UTILIZING A PASSWORD AND AN EXTERNAL ENCRYPTION ALGORITHM", filed on December 13, 1996;
Commonly owned EP-A-0 851 335, entitled "SECURE TWO-PIECE USER AUTHENTICATION IN A COMPUTER NETWORK"; and
Commonly owned U.S. Patent Application Serial No. 08/777,616, entitled "METHOD FOR SECURELY CREATING, STORING AND USING ENCRYPTION KEYS IN A COMPUTER SYSTEM", filed on December 31, 1996.

[0019] Referring first to Figure 1, a network computer system incorporating networking capabilities in accordance with the present invention is shown. In the preferred embodiment, the network computer S incorporates two primary buses: a Peripheral Component Interconnect (PCI) bus P which includes an address/data portion and a control signal portion; and an Industry Standard Architecture (ISA) bus I which includes an address portion, a data portion, and a control signal portion. The PCI and ISA buses P and I form the architectural backbone of the network computer S.
[0020] A CPU/memory subsystem 100 is connected to the PCI bus P. The processor 102 is preferably the Pentium® or Pentium II® processor from Intel Corporation, or any number of similar or next-generation processors. The processor 102 drives data, address, and control portions 116, 106, and 108 of a host bus HB. A level 2 (L2) or external cache memory 104 is connected to the host bus HB to provide additional caching capabilities that improve the overall performance of the network computer S. The L2 cache 104 may be permanently installed or may be removable if desired. Alternatively, the L2 cache 104 may be embodied within the processor 102. A cache and memory controller 110 and a PCI-ISA bridge chip 130 are connected to the control and address portions 108 and 106 of the host bus HB. The cache and memory controller chip 110 is configured to control a series of data buffers 112. The data buffers 112 are preferably the 82433LX from Intel, and are coupled to and drive the host data bus 116 and an MD or memory data bus 118 that is connected to a memory array 114. A memory address and memory control signal bus is provided from the cache and memory controller 110.
[0021] The data buffers 112, cache and memory controller 110, and PCI-ISA bridge 130 are all connected to the PCI bus P. The PCI-ISA bridge 130 is used to convert signals between the PCI bus P and the ISA bus I. The PCI-ISA bridge 130 includes: the necessary address and data buffers, arbitration and bus master control logic to the PCI bus P, ISA arbitration circuitry, an ISA bus controller as conventionally used in ISA systems, an IDE (intelligent drive electronics) interface, and a DMA controller. A hard disk drive 140 is connected to the IDE interface of the PCI-ISA bridge 130. Tape drives, CD-ROM devices or other peripheral storage devices (not shown) can be similarly connected.
[0022] In the disclosed embodiment, the PCI-ISA bridge 130 also includes miscellaneous system logic. This miscellaneous system logic contains counters and activity timers as conventionally present in personal computer systems, an interrupt controller for both the PCI and ISA buses P and I, and power management logic. Additionally, the miscellaneous system logic preferably includes circuitry for a security management system used for password verification and to allow access to protected resources. For example, the PCI-ISA bridge 130 of the disclosed embodiment includes various address decode logic and security logic to control access to an internal or external CMOS/NVRAM memory (not shown) and stored password values. The CMOS/NVRAM memory is coupled to the PCI-ISA bridge 130 via a standard I2C bus (also not shown).
[0023] The PCI-ISA bridge 130 also includes circuitry to generate a firmware initiated SMI (System Management Interrupt), as well as SMI and keyboard controller interface circuitry. The miscellaneous system logic is connected to the flash ROM 154 through write protection logic 164. Separate enable/interrupt signals are also communicated from the PCI-ISA bridge 130 to the hard drive 140. Preferably, the PCI-ISA bridge 130 is a single integrated circuit, but other combinations are possible.

[0024] A series of ISA slots 134 are connected to the ISA bus I to receive ISA adapter cards. A series of PCI slots 142 are similarly provided on the PCI bus P to receive PCI adapter cards.

[0025] A video controller 165 is also connected to the PCI bus P. Video memory 166 is used to store graphics data and is connected to the video graphics controller 165 and a digital/analog converter (RAMDAC) 168. The video graphics controller 165 controls the operation of the video memory 166, allowing data to be written and retrieved as required. A monitor connector 169 is connected to the RAMDAC 168 for connecting a monitor 170.

[0026] A combination I/O chip 136 is connected to the ISA bus I. The combination I/O chip 136 preferably includes a real time clock, two UARTS, and a floppy disk controller for controlling a floppy disk drive 138. Additionally, a control line is provided to the read and write protection logic 164 to further control access to the flash ROM 154. Serial port connectors 146 and parallel port connector (not shown) are also connected to the combination I/O chip 136.
[0027] An 8042, or keyboard controller, is also included in the combination I/O chip 136. The keyboard controller is of conventional design and is connected in turn to a keyboard connector 158 and a mouse or pointing device connector 160. A keyboard 159 is connected to the network computer S through the keyboard connector 158.

[0028] A buffer 144 is connected to the ISA bus I to provide an additional X-bus X for various additional components of the network computer S. A flash ROM 154 receives its control, address and data signals from the X-bus X. Preferably, the flash ROM 154 contains the BIOS information for the computer system and can be remotely reprogrammed to allow for revisions of the BIOS.

[0029] In the disclosed embodiment, the network computer S contains circuitry for communicating with a removable cryptographic token 188. The token can take many forms, such as a Touch Memory™ device supplied by Dallas Semiconductor, Inc., a smart card, or an encryption card. The token 188 is easily decoupled from the network computer S and easily transportable by the token bearer. The token 188 preferably contains at least one of a variety of encryption algorithms (such as DES, Blowfish, elliptic curve-based algorithms, etc.). Although the base algorithm can be the same in each token 188, it is desirable that the encryption key be different in each token 188. Ideally, the token 188 is capable of communicating digitally with the network computer during momentary contact with or proximity to the network computer S. The token 188 of the disclosed embodiment is capable of storing the encryption algorithm in a non-volatile manner and can be permanently write-protected to discourage tampering. Use of such tokens is further described in the previously incorporated patent application entitled "A METHOD AND APPARATUS FOR ALLOWING ACCESS TO SECURED COMPUTER RESOURCES BY UTILIZING A PASSWORD AND AN EXTERNAL ENCRYPTION ALGORITHM".
[0030] In the disclosed embodiment of the invention, the circuitry used for establishing a communication link between the token 188 and the network computer S consists of a probe 186 connected to a COM, or serial port adapter 184. The port adapter 184 is connected to the RS232 connector 146. In operation, the token 188 is detachably received by the probe 186. The probe 186 includes circuitry for reading and writing memory in the token 188, and can be fully powered through the RS232 connector 146. In addition, the probe 186 includes presence detector circuitry for ascertaining the presence of a token 188.

[0031] A network interface controller (NIC) 122 incorporating remote control capabilities, such as those described more fully below, is also connected to the PCI bus P, allowing the network computer S to function as a "node" on a network. Preferably, the network interface controller 122 is a single integrated circuit that includes the capabilities necessary to act as a PCI bus master and slave, as well as circuitry required to act as an Ethernet interface. Attachment Unit Interface (AUI) and 10 base-T connectors (not shown) are provided in the system S, and are connected to the NIC 122 via filter and transformer circuitry. This circuitry forms a network or Ethernet connection for connecting the network computer S to a distributed computer environment or local area network (LAN) as shown in Figure 2. The network interface controller 122 can be located on the motherboard and connected to a network via an RJ-45 connector (not shown). This configuration is becoming more popular as Ethernet gains widespread acceptance for desktop networking.



[0032] Most of today's personal computers also incorporate some form of advanced power management hardware/software 180 (such as Compaq Power Management Software) for controlling power distribution from a power supply 182. The power management hardware/software 180 typically allows the network computer S to be placed in any one of a number of different power down states, from merely reducing processor clock speed to powering down everything except the network interface controller 122. In a typical computer system S, the power management hardware/software 180 scans for any one of several events that serve to wake up the system. Such events may include keyboard 159 keystrokes or mouse movement. A Magic Packet™ indication signal can easily be included among the specified wake-up or power down events.
[0033] The network interface controller 122 is supplied with power by an auxiliary portion of power source 182 and is capable of communicating with a network (see Figure 2). Further, with the Magic Packet™ mode (discussed more fully below) enabled, the network interface controller 122 is capable of alerting the network computer's S power management hardware/software 180 following receipt of a valid Magic Packet™ frame. Conversely, the computer's power management hardware/software 180 is able to place the network interface controller 122 into Magic Packet™ mode prior to the computer system S entering a low power state. This can be accomplished, for example, by either setting a bit in an internal register or by driving a specified pin to a specified state. Once in Magic Packet™ mode, the network interface controller 122 no longer transmits frames and scans all incoming frames addressed to [...] data sequence indicating that the frame is a Magic Packet™ frame. The Magic Packet™ frame must comply with the basic requirements of the chosen LAN technology, such as source address, destination address and CRC.
[0034] The precise nature of the remote control networking mechanism is not considered critical to the invention and can take many forms, even within the confines of the Magic Packet™ standard. Most network interface controllers 122 already incorporate address matching circuitry to recognize regular frames addressed to the node. This circuitry can generally be adapted for use with the Magic Packet™ standard. Counter circuitry, in particular, may need to be added to the address matching circuitry.

[0035] It is noted that Figure 1 presents an exemplary embodiment of the network computer S and it is understood that numerous other effective embodiments capable of operation in accordance with the present invention could readily be developed as known to those skilled in the art.

[0036] Referring now to Fig. 2, an exemplary distributed access environment capable of secure remote control communications according to the present invention is shown. The disclosed network 200 includes a network administrator computer 202 and a plurality of network computers depicted as network [...] 206 and 208. A network interface controller 214 of the network administrator computer 202 communicates with a network interface controller 122 in each of the network computers S. Components of the network 200 are coupled via a network connection 208. Although Magic Packet™ or similar technology is not limited to any one particular type of network connection 208, a 10BASE-T, 100BASE-T or similar connection 208 is preferred.

[0037] As described more fully in conjunction with Figure 3, when the network administrator desires to shut down or activate a particular network computer 204, 206, or 208, a shutdown record 210 is generated. Prior to communication over the network, a digital signature of the shutdown record is generated (at element 212). The digital signature is created by first performing a one-way hash function on the shutdown record, followed by encrypting the resulting value with the network administrator's private key. The digital signature is then appended to the shutdown record prior to broadcasting over the network via network interface controller 214.
[0038] The encryption algorithms utilized in element 212 can take many forms, including all of the aforementioned algorithms. The encryption processes are preferably carried out in secure memory that is not readable or writeable and cannot be "sniffed" by surreptitious programs or viruses having the ability to monitor and intercept processes running in normal memory. Such a memory configuration is disclosed, for example, in "METHOD FOR SECURELY CREATING, STORING AND USING ENCRYPTION KEYS IN A COMPUTER SYSTEM," previously incorporated by reference. It is also contemplated that the shutdown record itself could be similarly encrypted prior to broadcast over the network 200.
[0039] The network administrator computer 202 preferably includes network management software such as Compaq Insight Manager. Such software solutions allow an administrator to control and interrogate multiple network computers S and download software (e.g., updated ROM code) to network computers S while they are fully powered. The network management software may incorporate server- or client-based management data collection "agents" and allow network administrators to remotely track and update network node configurations throughout a network 200.

REMOTE CONTROL CAPABILITIES

[0040] In a system implemented according to the Magic Packet™ specification, a method is provided whereby a network administrator or network management software can remotely activate a sleeping network computer S. On the receiving side of the network 200, this is accomplished by enabling power to the network interface controller 122 of a particular network computer S even while the network computer S is in a low power state. The network interface controller 122 monitors the network 200 for a specific Ethernet frame. Each machine on the network is identified by a unique address. In the special Ethernet frame, the targeted network computer's S unique address is repeated sixteen times in a row anywhere within the data field of a valid network frame, serving as a wake-up call. This special frame is referred to as a Magic Packet™ frame.
[0041] As noted, the computer system S also includes power management hardware/software 180 that functions to apply power to the network interface controller 122 when Magic Packet™ mode is enabled. This process can be accomplished through BIOS or other software that is generally aware of the state of the system and capable of setting a bit in the network interface controller 122 to enable Magic Packet™ mode. Alternatively, a network operating system driver configured to monitor Advanced Power Management (APM) calls could be utilized to enable and disable Magic Packet™ mode.
[0042] Through the specialized hardware/software, the network interface controller 122 is also capable of signalling the power management hardware/software 180 to enable power to the network computer S following receipt of a valid Magic Packet™ frame. This signal can be considered analogous to a wake-up event such as a keyboard keystroke or mouse movement. In a contemplated embodiment of the invention, ROM POST code functions to boot the computer system S and return the network interface controller to a normal operating mode following receipt of a wake-up event.
[0043] A Magic Packet™ frame for use with the disclosed embodiment includes sixteen duplications of the address of a particular network computer S, with no breaks or interruptions. The address sequence can be located anywhere within the Magic Packet™ frame, but is preceded by a synchronization stream that simplifies the scanning state machine of the network interface controller 122. The synchronization stream is defined as six bytes of "FFh". Preferably, the network interface controller 122 [...] or MULTICAST frames including the sixteen duplications of the address matching the address of the targeted [...]
[0044] As an example, assume the address for a particular node is 44h 55h 66h 77h 88h 99h. In this situation, the network interface controller 122 of that node scans for the following data sequence in an Ethernet frame:

[0045] DESTINATION SOURCE MISC FF FF FF FF FF FF
44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 77 88 99
44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 77 88 99
44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 77 88 99
44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 77 88 99 44 55 66 77 88 99
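The scan described in paragraphs [0043] to [0045], as an added example that is not code from the patent or from the Magic Packet™ specification: a byte-at-a-time matcher that keeps only a counter between bytes, as a controller's scanning state machine would. The function names and the sample data fields are hypothetical and constructed for illustration; a Knuth-Morris-Pratt table is used here to resume after a mismatch.

```python
SYNC = b"\xff" * 6      # synchronization stream: six bytes of FFh
COPIES = 16             # sixteen uninterrupted duplications of the address


def parse_address(text):
    """Turn '44h 55h 66h 77h 88h 99h' into six raw bytes."""
    octets = bytes(int(tok.rstrip("hH"), 16) for tok in text.split())
    if len(octets) != 6:
        raise ValueError("a node address is exactly six bytes")
    return octets


def wake_sequence(address):
    return SYNC + address * COPIES


def failure_table(pattern):
    """KMP failure function: where to resume after a mismatch."""
    table, k = [0] * len(pattern), 0
    for i in range(1, len(pattern)):
        while k and pattern[i] != pattern[k]:
            k = table[k - 1]
        if pattern[i] == pattern[k]:
            k += 1
        table[i] = k
    return table


def scan(data_field, address):
    """Consume the data field one byte at a time, keeping only a counter.

    Returns the offset at which the wake sequence starts, or -1.
    """
    pattern = wake_sequence(address)
    table, matched = failure_table(pattern), 0
    for offset, byte in enumerate(data_field):
        while matched and byte != pattern[matched]:
            matched = table[matched - 1]
        if byte == pattern[matched]:
            matched += 1
        if matched == len(pattern):
            return offset - len(pattern) + 1
    return -1


NODE = parse_address("44h 55h 66h 77h 88h 99h")   # the page's example address
# Constructed data fields (not captured traffic):
SAMPLES = {
    "after_misc": bytes.fromhex("0102030405") + wake_sequence(NODE) + b"\x00",
    "extra_sync": b"\xff\xff" + wake_sequence(NODE),        # eight FFh bytes
    "fifteen_copies": SYNC + NODE * 15 + b"\x00" * 6,       # one copy short
    "broken_run": SYNC + NODE * 8 + b"\x00" + NODE * 8,     # interrupted
    "other_node": wake_sequence(parse_address("44 55 66 77 88 9A")),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:15} offset={scan(data, NODE)}")
```

Only the first two samples match: a run of fifteen copies, a run with a break in it, and a run for a different address are all rejected.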
[0046] Referring now to Figure 3, a flowchart diagram illustrating generation of a secure network broadcast message in accordance with the present invention is shown. Following commencement of the procedure in step 300, control proceeds to step 302 where the network administrator or network management software creates a shutdown record for one or more network computers S. When implemented using the Magic Packet™ technology, the shutdown message includes the aforementioned specific data sequence addressing the desired network computers S and indicates to the network interface controllers 122 of these nodes that a Magic Packet™ frame is being broadcast. The shutdown record also includes a control code directing the desired network nodes to enter a low power state. Also included is a secure index (e.g., a time stamp indicating the date and time on which the shutdown record is created).

[0047] Control next proceeds to step 304 and a secure one-way hash function is performed on the shutdown record, resulting in a hash code representation of the record. In practice, public key algorithms, although capable, are often inefficient when used to sign long documents. In the preferred embodiment of the invention, this problem is addressed by generating a one-way hash of the shutdown record prior to encryption with the network administrator's public key. The hash value is commonly limited to a predetermined length.
[0048] Preferably, the one-way hash function is performed in a secure manner resistant to snooping or attack by malicious code. Contemplated methods for accomplishing the secure one-way hash function include those illustrated in the previously incorporated references entitled: "SECURE TWO-PIECE USER AUTHENTICATION IN A COMPUTER NETWORK" and "METHOD FOR SECURELY CREATING, STORING AND USING ENCRYPTION KEYS IN A COMPUTER SYSTEM".
[0049] Following completion of step 304, control next proceeds to step 306 and the secure hash code representation of the shutdown record is encrypted utilizing the network administrator's private key. Again, the encryption process is preferably performed in a secure manner. In essence, step 306 produces a digital signature of the shutdown record that is then appended to the original shutdown record in step 308. Control proceeds to step 310 and the encrypted hash code of the shutdown record, in addition to the original shutdown record, is broadcast to a computer network such as that depicted in Figure 2. Control then proceeds to optional step 312 and the network computers' responses to the broadcast message are recorded.
[0050] Referring now to Figure 4, a flowchart diagram is provided illustrating the receipt and validation of the secure network broadcast message in accordance with the preferred embodiment of the present invention. This procedure is typically used to verify that the broadcast message was neither modified in transit nor originated from an unauthorized source. Following commencement of the procedure in step 400, control proceeds to step 402 where the network interface controller 122 of the network computer S detects and scans all broadcast messages (or incoming frames).
[0051] Following detection of a broadcast message, control proceeds to step 404 where the network interface controller 122 examines the broadcast message for a specific data sequence indicating that the message contains a Magic Packet™ frame. The broadcast message is also examined to determine if it is addressed to the receiving network computer S. If not, control loops to step 406 and the network interface controller 122 awaits the next broadcast message.
[0052] If the receiving network computer S determines that the broadcast message is directed to it as determined in step 404, control proceeds to step 408 where the digital signature or encrypted hash portion of the received message is decrypted using the administrator's public key. Control next proceeds to step 410 where the network interface controller 122 or other system component performs a one-way hash function on the shutdown record portion of the received message. The decrypted hash of step 408 and the hash function result of step 410 are then compared in step 412. If the two hash values do not match, the broadcast message fails the verification process and control is returned to step 406 to await the next broadcast message. If the broadcast message is validated as secure in step 412, control proceeds to step 414 and the receiving network computer S broadcasts an optional acknowledgement message. Control proceeds to step 416 and the shutdown control code of the broadcast message is executed by the receiving network computer S, which either enters a low power state, awakens, or performs some other predetermined function. The verification process is ended in step 418.
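The Figure 3 and Figure 4 procedures end to end, as an added example that is not code from the patent. Textbook (unpadded) RSA over a constructed toy key stands in for the signature primitive so the block runs on the standard library alone. The record layout, `MAX_AGE`, `last_seen` and the freshness check on the index are assumptions: the page puts a time stamp in the record but does not say how the receiver uses it.

```python
import hashlib

# Constructed toy key (two Mersenne primes, 234-bit modulus); illustration only.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                  # administrator's public key
D = pow(E, -1, (P - 1) * (Q - 1))    # administrator's private exponent
SIG_LEN = (N.bit_length() + 7) // 8
RECORD_LEN = 9      # assumed layout: 1-byte control code + 8-byte time stamp
MAX_AGE = 300       # assumed freshness window in seconds


def record_hash(record):
    """One-way hash limited to a predetermined length (16 bytes, below N)."""
    return int.from_bytes(hashlib.sha256(record).digest()[:16], "big")


def make_broadcast(control_code, timestamp):
    """Steps 302-308: build the record, hash it, sign the hash, append."""
    record = control_code.to_bytes(1, "big") + timestamp.to_bytes(8, "big")
    signature = pow(record_hash(record), D, N)
    return record + signature.to_bytes(SIG_LEN, "big")


def verify_broadcast(message, now, last_seen):
    """Steps 408-412, then the assumed index check.

    Returns the control code to execute, or None if the message is rejected.
    """
    if len(message) != RECORD_LEN + SIG_LEN:
        return None
    record = message[:RECORD_LEN]
    signature = int.from_bytes(message[RECORD_LEN:], "big")
    if signature >= N or pow(signature, E, N) != record_hash(record):
        return None     # modified in transit, or not signed by the admin key
    timestamp = int.from_bytes(record[1:], "big")
    if timestamp <= last_seen or abs(now - timestamp) > MAX_AGE:
        return None     # authentic, but a replayed or stale record
    return record[0]


if __name__ == "__main__":
    SHUTDOWN = 0x01                              # hypothetical control code
    msg = make_broadcast(SHUTDOWN, 1_000)        # constructed time stamp
    print("fresh   :", verify_broadcast(msg, now=1_010, last_seen=0))
    print("tampered:", verify_broadcast(b"\x02" + msg[1:], 1_010, 0))
    print("replayed:", verify_broadcast(msg, now=1_010, last_seen=1_000))
```

A deployed signer would use a padded scheme such as RSASSA-PSS or Ed25519 with a full-size key rather than raw RSA on a truncated hash.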

[0053] For machines in which it is desirable to disable remote control functionality, it is contemplated that the public key of the network administrator can be invalidated such that the specified machine is incapable of detecting a valid broadcast message. This may be desirable for use with network components containing critical or highly sensitive information.

[0054] Thus, a method has been described for providing secure remote control commands in a distributing computer environment. In the preferred embodiment of the invention, the network administrator or network management software creates a shutdown record, including an index or time stamp, for powering down a specified network computer(s). Prior to broadcast over the network, a secure one-way hash function is performed on the shutdown record. The result of the one-way hash function is encrypted using the network administrator's private key, thereby generating a digital signature that can be verified by specially configured network nodes. The digital signature is appended to the original shutdown record prior to broadcast to the network. Upon receiving the broadcast message, the targeted network computer validates the broadcast message by verifying the digital signature of the packet or frame. The shutdown record or other command code is only executed following authentication of the broadcast message.
1. A method for securely broadcasting remote control commands in a computer network including at least one targeted network computer capable of responding to remote control commands from a network administrator computer or other network computer, the method comprising the steps of:

generating a remote control command;
creating a digital signature of the remote control command;
appending the digital signature to the remote control command to create a broadcast message; and
communicating the broadcast message to at least one targeted network computer.

2. The method of claim 1, wherein the step of creating a digital signature of the remote control command comprises:

performing a one-way hash function on the remote control command to generate a signature hash value; and
encrypting the signature hash value with a private key.

3. The method of claim 2, wherein the targeted network computer(s) further performs the steps of:

decrypting the signature hash value portion of the broadcast message using a public key corresponding to the private key;
performing a one-way hash function on the remote control command portion of the broadcast message to generate a verification hash value; and
comparing the decrypted signature hash value with the verification hash value.

4. The method of claim 3, wherein the targeted network computer(s) further performs the step of:

executing the remote control command only if the signature hash value and the verification hash value are identical.

5. The method of claim 3, further comprising the step 
of invalidating the public key corresponding to the 
private key in at least one network computer such 
that predetermined remote control commands can- 
not be validated. 

6. The method of any of claims 1 to 5, wherein the targeted network computer(s) further performs the steps of:

utilizing the digital signature to verify that the broadcast message is authorized; and
executing the remote control command only if the broadcast message is authentic and authorized.

7. The method of any of claims 1 to 6, wherein the remote control command includes an index or time stamp.

8. The method of any of claims 1 to 6, wherein the remote control command directs the targeted network computer to enter a low power state.

9. The method of any of claims 1 to 6, wherein the remote control command directs the targeted network computer to enter a fully powered state.

10. The method of claim 2 or any claim when dependent thereon, wherein the private key is maintained in secure memory space.

11. The method of any of claims 1 to 10, wherein the step of communicating the broadcast message to at least one targeted network computer is substantially compliant with the Magic Packet™ specification.

12. The method of any of claims 1 to 11, wherein the digital signature is generated during a secure mode of operation or in secure computer memory.

13. A computer system configured to receive secure network communications, the secure network communications having a remote control command and a digital signature, the computer system comprising:

a system bus;
a processor coupled to the system bus;
power management hardware or software; and
network interface circuitry coupled to the system bus and the power management hardware or software, the network interface circuitry configured to perform or direct the steps of:

utilizing the digital signature to verify that the broadcast message is authentic; and
permitting the execution of the remote control command only if the broadcast message is authentic, wherein the remote control command causes a change in state in the power management hardware or software.

14. A computer system according to claim 13, further comprising:

a mass storage device coupled to the system bus.




15. The computer system of claim 13 or claim 14, wherein the change in state in the power management hardware or software causes the computer system to enter a low power mode.

16. The computer system of claim 13 or claim 14, 
wherein the change in state in the power manage- 
ment hardware or software causes the computer 
system to become fully powered. 

17. The computer system of any of claims 13 to 16, wherein the digital signature comprises a hash code representation of the remote control command, the hash code representation encrypted with a private key, and wherein the step of utilizing the digital signature to verify that the broadcast message is authentic comprises:

decrypting the signature hash code representation of the broadcast message using a public key corresponding to the private key;
performing a one-way hash function on the remote control command portion of the broadcast message to generate a verification hash value; and
comparing the decrypted hash code representation of the broadcast message with the verification hash value.

18. The computer system of any of claims 13 to 17, wherein the network interface circuitry is further configured to substantially comply with the Magic Packet™ specification.

19. The computer system of any of claims 13 to 18, further comprising a non-writeable secure memory space coupled to the processor, wherein the public key is maintained in the secure memory space.

20. A computer system configured to broadcast secure computer network communications, the computer system comprising:

a system bus;
a processor coupled to the system bus;
a processor readable storage medium coupled to the system bus for directing the processor to perform the steps of:

generating a remote control command;
creating a digital signature of the remote control command; and
appending the digital signature to the remote control command to create a broadcast message;

network interface circuitry coupled to the system bus, the network interface circuitry responsive to a command(s) from the processor to transmit the broadcast message to a computer network.

21. A computer system according to claim 20, further comprising:

a mass storage device coupled to the system bus.

22. The computer system of claim 20 or claim 21, wherein the step of creating a digital signature of the remote control command comprises the steps of:

performing a one-way hash function on the remote control command to generate a signature hash value; and
encrypting the signature hash value with a private key.

23. The computer system of any of claims 20 to 22, wherein the broadcast message is substantially compliant with the Magic Packet™ specification.

24. The computer system of any of claims 20 to 23, wherein the remote control command includes an index or time stamp.

25. The computer system of any of claims 20 to 23, further comprising a secure memory space coupled to the processor, wherein the private key is maintained in the secure memory space.